adulau/MISP-201909-CIRCL.md

## MISP-201909-CIRCL.md

      
    Raw
  

              MISP-201909-CIRCL.md
            
          
    MISP Training Wednesday ESDC 2020

Evidence and report to add in the MISP instance and share back with the training community


(1) https://mobile.twitter.com/James_inthe_box/status/1234502259414749184
(2) https://mobile.twitter.com/DynamicAnalysis/status/1234998504453361666
(3) https://mobile.twitter.com/unpacker/status/1170677293926080512
(4) https://marcoramilli.com/2019/12/05/apt28-attacks-evolution/
(5) (CTI) https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign-v1.pdf
(6) https://mobile.twitter.com/Vishnyak0v/status/1197129423830626318
(7) (INTELREP) https://www.foo.be/cours/dess-20192020/pub/gru/
(8) (CTI/OPS ITSEC) CVE-2019-17549 - https://cve.circl.lu/cve/CVE-2019-17549
(9) (CTI) https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/
(10) (disinformation) https://sputniknews.com/europe/202003041078470302-eu-move-to-let-greta-thunberg-speak-despite-coronavirus-ban-hits-raw-nerve-with-meps/
(11) (disinformation) https://sputniknews.com/middleeast/202003041078468686-the-west-ignores-turkeys-illegal-deployment-of-troops-to-syrias-idlib-russian-military/
(12) (CTI) https://mobile.twitter.com/benkow_/status/1226142113102016514
(13) (CTI) https://krebsonsecurity.com/2020/03/french-firms-rocked-by-kasbah-hacker/
(14) (INTELREP) https://www.bellingcat.com/news/2020/02/25/an-officer-and-a-diplomat-the-strange-case-of-the-gru-spy-with-a-red-notice/

MISP Training Wednesday February 18 2020

Evidence and report to add in the MISP instance and share back with the training community


(1) https://mobile.twitter.com/James_inthe_box/status/1229509229267972097
(2) https://mobile.twitter.com/JAMESWT_MHT/status/1220372289876824064
(3) https://mobile.twitter.com/unpacker/status/1170677293926080512
(4) https://mobile.twitter.com/RedDrip7/status/1186494913279430656
(5) https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign-v1.pdf
(6) https://blog.scrt.ch/2020/02/11/sonicwall-sra-and-sma-vulnerabilties/
(7) https://www.foo.be/cours/dess-20192020/pub/gru/
(8) CVE-2019-11813 - https://cve.circl.lu/cve/CVE-2019-11813
(9) https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/

MISP Training Wednesday December 4 2019

Evidence and report to add in the MISP instance and share back with the training community


(1) https://mobile.twitter.com/James_inthe_box/status/1195354125950689280
(2) https://mobile.twitter.com/1ZRR4H/status/1201249017549729793
(3) https://twitter.com/Int2e_/status/1192206123451011072
(4) https://www.foo.be/cours/dess-20192020/pub/gru/
(5) https://blog.telsy.com/lazarus-gate/
(6) https://app.any.run/tasks/8286e7e1-710a-4570-805d-8a03395caa31/
(7) https://www.crowdstrike.com/resources/wp-content/brochures/reports/huge-fan-of-your-work-intelligence-report.pdf
(8) https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-CTI-005.pdf - https://mobile.twitter.com/CERT_FR/status/1181238695309053953
(9) https://www.us-cert.gov/ncas/analysis-reports/ar19-304a
(10) USB key with evidences

Previous exercise

Report to add in your MISP instance and share back with the training community


(1) https://www.sentinelone.com/blog/fin6-frameworkpos-point-of-sale-malware-analysis-internals/
(2) https://meltx0r.github.io/tech/2019/09/19/emissary-panda-apt.html
(3) https://lab52.io/blog/winnti-group-geostrategic-analysis-and-ttp/
(4) https://twitter.com/Rmy_Reserve/status/1175989476155215878
(5) https://twitter.com/craiu/status/1176437943369703424
(6) https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/
(7) https://twitter.com/chybeta/status/1176165964196376576
(8) https://www.cricketage.in/2018/09/13/exposed-slc-attempted-fraud-is-of-11-1-million-dollars-three-employees-involved/
(9) https://blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/